Lucene search

1393 matches found

Vulnrichment
added 2026/01/24 7:26 a.m., 4 views

CVE-2026-1081 Set Bulk Post Categories <= 1.1 - Cross-Site Request Forgery to Bulk Post Category Update

The Set Bulk Post Categories plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the bulk category update functionality. This makes it possible for unauthenticated attackers to modify post categorie...

CVSS 4.3, AI score 5.8, EPSS 0.00155
Exploits 0, References 3
ATTACKERKB
added 2026/01/24 7:26 a.m., 4 views

CVE-2026-1076

The Star Review Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing nonce validation on the settings page. This makes it possible for unauthenticated attackers to update the plugin's CSS settings via a forged...

CVSS 4.3, AI score 5.8, EPSS 0.00158
Exploits 0, References 4
CVE
added 2026/01/24 7:26 a.m., 10 views

CVE-2026-1070

CVE-2026-1070 refers to the WordPress plugin “Alex User Counter” (versions

CVSS 4.3, AI score 5.5, EPSS 0.00158
Exploits 0, References 3
Vulnrichment
added 2026/01/24 7:26 a.m., 5 views

CVE-2026-1070 Alex User Counter <= 6.0 - Cross-Site Request Forgery to Settings Update

The Alex User Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0. This is due to missing nonce validation on the alexusercounterfunction function. This makes it possible for unauthenticated attackers to update the plugin settings via...

CVSS 4.3, AI score 5.8, EPSS 0.00158
Exploits 0, References 3
Vulnrichment
added 2026/01/24 7:26 a.m., 4 views

CVE-2025-14903 Simple Crypto Shortcodes <= 1.0.2 - Cross-Site Request Forgery to Plugin Settings Update

The Simple Crypto Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2. This is due to missing nonce validation on the scsbackend function. This makes it possible for unauthenticated attackers to update plugin settings via a forged...

CVSS 4.3, AI score 5.8, EPSS 0.00155
Exploits 0, References 3
NVD
added 2026/01/23 5:16 p.m., 6 views

CVE-2025-67230

Improper permissions in the handler for the Custom URL Scheme in ToDesktop Builder v0.33.0 allows attackers with renderer-context access to invoke external protocol handlers without sufficient validation...

CVSS 7.1, EPSS 0.0022
Exploits 0, References 2
Cvelist
added 2026/01/23 3:28 a.m., 33 views

CVE-2026-0761 Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution Vulnerability

Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authentication is not required to exploit this vulnerability. The...

CVSS 9.8, EPSS 0.01051
Exploits 0, References 1
ATTACKERKB
added 2026/01/23 12:00 a.m., 4 views

CVE-2025-67230

Improper permissions in the handler for the Custom URL Scheme in ToDesktop Builder v0.33.0 allows attackers with renderer-context access to invoke external protocol handlers without sufficient validation...

CVSS 7.1, AI score 5.9, EPSS 0.0022
Exploits 0, References 3
CVE
added 2026/01/23 12:00 a.m., 11 views

CVE-2025-67230

The CVE-2025-67230 issue affects ToDesktop Builder v0.33.0, where improper permissions in the Custom URL Scheme handler allow attackers with renderer-context access to invoke external protocol handlers without sufficient validation. This creates a risk of abuse via unvalidated external protocol i...

CVSS 7.1, AI score 5.4, EPSS 0.0022
Exploits 0, References 2, Affected Software 1
CNNVD
added 2026/01/23 12:00 a.m., 6 views

ALGO 8180 IP Audio Alerter: Cross-site scripting vulnerability

ALGO 8180 IP Audio Alerter is an IP speaker developed by ALGO Corporation. The ALGO 8180 IP Audio Alerter has a cross-site scripting vulnerability. This vulnerability stems from the lack of validation of user input in the system log viewing function, which may lead to stored cross-site...

CVSS 6.1, AI score 5.9, EPSS 0.00371
Exploits 0, References 1
NVD
added 2026/01/20 2:15 a.m., 8 views

CVE-2026-1051

The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.1.0. This is due to missing or incorrect nonce validation on the hooknewsletteraction function. This makes it possible for unauthenticated...

CVSS 4.3, EPSS 0.00104
Exploits 0, References 2
ATTACKERKB
added 2026/01/20 1:22 a.m., 5 views

CVE-2026-1051

The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.1.0. This is due to missing or incorrect nonce validation on the hooknewsletteraction function. This makes it possible for unauthenticated...

CVSS 4.3, AI score 5.4, EPSS 0.00104
Exploits 0, References 3
Positive Technologies
added 2026/01/20 12:00 a.m., 7 views

PT-2026-3554

HTML injection vulnerability in multiple Botble products such as TransP, Athena, Martfury, and Homzen, consisting of an HTML injection due to a lack of proper validation of user input by sending a request to '/search' using the 'q' parameter...

CVSS 5.1, AI score 5.5, EPSS 0.00262
Exploits 0, References 2
Tenable Nessus
added 2026/01/20 12:00 a.m., 5 views

MiracleLinux 8 : nodejs:18 (AXSA:2024-8777:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8777:01 advisory: node-tar: denial of service while parsing a tar file due to lack of folders depth validation (CVE-2024-28863); nodejs: Bypass network import restrictio...

CVSS 6.5, AI score 6.6, EPSS 0.01104
Exploits 1, References 3
Cvelist
added 2026/01/19 7:57 p.m., 16 views

CVE-2026-23851 SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 contain a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the application's workspace without proper pat...

CVSS 8.3, EPSS 0.00436
Exploits 1, References 4
Vulnrichment
added 2026/01/19 7:57 p.m., 2 views

CVE-2026-23851 SiYuan Vulnerable to Arbitrary File Read via File Copy Functionality

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 contain a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from any location on the server's filesystem into the application's workspace without proper pat...

CVSS 8.3, AI score 5.7, EPSS 0.00436
Exploits 1, References 4
Positive Technologies
added 2026/01/19 12:00 a.m., 5 views

PT-2026-3497

Name of the Vulnerable Software and Affected Versions: SiYuan versions prior to 3.5.4. Description: SiYuan is a personal knowledge management system with a logic issue in the /api/file/globalCopyFiles API endpoint. The issue allows authenticated users to copy files from any location on the server’s...

CVSS 8.3, AI score 5.5, EPSS 0.00436
Exploits 1, References 13
RedhatCVE
added 2026/01/17 1:18 p.m., 10 views

CVE-2025-14894

Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...

CVSS 9.8, AI score 7.1, EPSS 0.00571
Exploits 0, References 1
Positive Technologies
added 2026/01/16 12:00 a.m., 13 views

PT-2026-3246

Name of the Vulnerable Software and Affected Versions: Livewire Filemanager (affected versions not specified). Description: Livewire Filemanager, commonly used in Laravel applications, contains a flaw in LivewireFilemanagerComponent.php where it does not perform adequate file type and MIME validation...

CVSS 10, AI score 6, EPSS 0.00571
Exploits 0, References 26
RedhatCVE
added 2026/01/14 9:18 p.m., 5 views

CVE-2026-22870

GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, GuardDog's safeextract function does not validate decompressed file sizes when extracting ZIP archives (wheels, eggs), allowing attackers to cause denial of service through zip bombs. A malicious package can consume gigabyt...

CVSS 7.5, AI score 6.6, EPSS 0.00431
Exploits 1, References 1